author | Michal Čihař <michal@cihar.com> | 2014-12-03 16:29:55 +0300 |
committer | Marc Delisle <marc@infomarc.info> | 2014-12-03 16:29:55 +0300 |
commit | 1daa32fb97b90fd1bf233cae9ed249e37fa175c4 (patch) | |
tree | ed1cb471678e836c3d1216c507914e45bad49e4f /url.php | |
parent | 41277d1887300298e007ae3151af9983a6a384af (diff) |
bug #4612 [security] XSS vulnerability in redirection mechanism
Signed-off-by: Marc Delisle <marc@infomarc.info>
Diffstat (limited to 'url.php')
-rw-r--r-- | url.php | 6 |
1 files changed, 5 insertions, 1 deletions
@@ -11,6 +11,10 @@
 */
 define('PMA_MINIMUM_COMMON', true);
 require_once './libraries/common.inc.php';
+/**
+ * JavaScript escaping.
+ */
+require_once './libraries/js_escape.lib.php';
 if (! PMA_isValid($_GET['url'])
 || ! preg_match('/^https?:\/\/[^\n\r]*$/', $_GET['url'])
@@ -24,7 +28,7 @@ if (! PMA_isValid($_GET['url'])
 // external site.
 echo "<script type='text/javascript'>
 window.onload=function(){
- window.location='" . htmlspecialchars($_GET['url']) . "';
+ window.location='" . PMA_escapeJsString($_GET['url']) . "';
 }
 </script>";
 // Display redirecting msg on screen. |
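Review bot: The new `window.location='" . PMA_escapeJsString($_GET['url']) . "';` line is now the only barrier between the request parameter and a single-quoted JS literal that itself sits inside an inline `<script>` element, so the escaper has to neutralise not just `'`, `\` and CR/LF but also a `</script` sequence, which ends the script element before any JS-level escaping matters; `js_escape.lib.php` is not visible here, so please confirm it covers that case. The allow-check in the first hunk, `preg_match('/^https?:\/\/[^\n\r]*$/', $_GET['url'])`, admits quotes, `<` and `/`, and because an undelimited `$` also matches before a final newline it lets a URL ending in LF through, so it is not a safety net on its own; `$/D` or `\z` would close that gap. A context-independent alternative that needs no project helper (PHP ≥ 5.3) is `window.location=" . json_encode($_GET['url'], JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP) . ";`, and a regression test with a payload such as `https://example.com/'</script><script>alert(1)//` would pin the fix against either escaper. The enclosing else branch begins and ends outside this hunk.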